package edu.whcp.comp2301.util;


import org.apache.commons.codec.digest.DigestUtils;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordUtil {

    // 生成随机盐值
    public static String generateSalt() {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt);
    }

    // 加盐哈希密码
    public static String hashPassword(String password, String salt) {
        return DigestUtils.sha256Hex(password + salt);
    }

    // 验证密码
    public static boolean verifyPassword(String password, String salt, String hashedPassword) {
        String newHash = hashPassword(password, salt);
        return newHash.equals(hashedPassword);
    }
}